Activesync - you don't have permission to sync with this server

Added new Exchange 2016 server. Old Exchange 2010 server is the internet facing server. In the process of migrating mailboxes to the new 2016 server. Users that have been migrated now don't receive any updates on mobile/activesync devices. If I attempt new account setup for one of those users we receive "You don't have permission to sync with this server". What do I need to do so all mailboxes (on both the 2010 and the 2016) can use activesync?

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Make sure your 2016 server is the one that is Internet-facing. Exchange 2010 can't proxy connections to 2016 based mailboxes, but 2016 can proxy to 2010. During your migration, though, you'll want to have both servers internet-facing, since some external connections get redirected instead of proxied.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Yes. Exchange 2010 would preferably use legacy.domain.com while 2016 would use your normal A records. If this isn't set up like that, some users won't have access to Exchange through some methods during the migration period, 2016 users if only 2010 is on the Internet, 2010 users if only 2016 is on the Internet.

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.